15 matches found
EUVD-2020-18132
Malware in sbrugna...
CVE-2020-25444
Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...
CVE-2020-25445
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...
Booking Core has an unspecified vulnerability
Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites.Booking Core has a security vulnerability that stems from the subscription functionality in Ultimate Booking...
CVE-2020-25445
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...
CVE-2020-27379
Cross Site Request Forgery CSRF vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...
Input validation
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...
Cross site scripting
Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...
CVE-2020-25445
The CVE-2020-25445 entry concerns Booking Core 1.7.0 (Ultimate Booking System) where the Subscribe feature does not sanitize CSV cells, allowing CSV formula injection when a backend admin downloads and opens the generated CSV. The underlying issue is improper input handling in the subscription/ex...
CVE-2020-27379
CVE-2020-27379 affects Booking Core (Ultimate Booking System) Booking Core 1.7.0. The root cause is CSRF token validation failure when requests are sent via GET, allowing unauthorized changes to a user’s email ID. This could enable password resets using the modified email. The available connected...
CVE-2020-25444
CVE-2020-25444 affects Booking Core – Ultimate Booking System (Booking Core) version 1.7.0. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via multiple input points: the My Profile page’s About Yourself section, Hotel Details’ Hotel Policy field, Manage Tour’s Pricing code and...
CVE-2020-25444
Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...
Booking Core 跨站请求伪造漏洞
Booking Core is a software application. A Laravel-based booking system designed for travel websites, shopping malls, travel agencies, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites. Booking Core suffers from a cross-site request forgery vulnerability that stems from...
Booking Core 安全漏洞
Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites.Booking Core has a security vulnerability that stems from the subscription functionality in Ultimate Booking...